Two Romanians arrested for hacking D.C. surveillance cameras before Trump inauguration

Two Romanian nationals were arrested while trying to leave the country, accused of taking over Washington D.C. surveillance cameras right before President Trump’s inauguration.


Mihai Isvanca and Eveline Cismaru were arrested earlier this month in Bucharest and now await extradition to the U.S. on charges of wire fraud and attacking protected computers, according to court filings from the Department of Justice.

The pair is accused of taking control of approximately 123 computers that control cameras in the nation’s capital for four days starting January 9 and using them to send ransomware emails.

An affidavit says that an administrator for Washington D.C.’s Metropolitan Police discovered the intrusion on January 12, with signs that the malware “Cerber” and “Dharma” were being sent to a list of 179,000 email addresses contained in a text file.

Investigators said evidence on the computers led to several email addresses including one that is the Romanian translation of “selling souls” and one for Cismaru with the exact same text file full of email accounts.

It is unclear if any of the “phishing” emails trying to get victims to open infected material were successful, though both an email for Cismaru and an email for Isvanca were also seen transferring information about thousands of credit cards.

Prosecutors say both Isvanca and Cismaru, who were traced through IP addresses, are on house arrest in Romania.

The complaint does not say why the alleged hackers targeted the Washington D.C. camera system rather than other potential victims, though the use of ransomware suggests money was the motivation rather than access to the cameras.

Officials in the capital and the Secret Service acknowledged the breach back in January, though they said it was never a threat to public safety.

The hack also reportedly did not extend to the city’s computer system at large, and Washington’s Chief Technology Officer Archana Vemulapalli said the cameras were fixed by removing all software from them.